COMP5900 COMP4900 2024F: Reading list: Difference between revisions
Lianyingzhao (talk | contribs) mNo edit summary |
Lianyingzhao (talk | contribs) mNo edit summary |
||
| Line 3: | Line 3: | ||
* Introduction to the course and trusted computing | * Introduction to the course and trusted computing | ||
** [https://www.cs.ox.ac.uk/files/1873/RR-08-11.PDF The ten-page introduction to Trusted Computing] | ** [https://www.cs.ox.ac.uk/files/1873/RR-08-11.PDF The ten-page introduction to Trusted Computing] | ||
** Hardware-Based Trusted Computing Architectures for Isolation and Attestation | ** [https://ieeexplore.ieee.org/document/7807249 Hardware-Based Trusted Computing Architectures for Isolation and Attestation] | ||
** Trusted Execution Environment: What It is, and What It is Not | ** [https://ieeexplore.ieee.org/document/7345265 Trusted Execution Environment: What It is, and What It is Not] | ||
* Trust | * Trust | ||
** Bootstrapping Trust in Commodity Computers | ** [https://dl.acm.org/citation.cfm?id=1849988 Bootstrapping Trust in Commodity Computers] | ||
** Reflections on Trusting Trust (Turing Award lecture, 1984) | ** [https://dl.acm.org/citation.cfm?id=358210 Reflections on Trusting Trust] (Turing Award lecture, 1984) | ||
** SafeKeeper: Protecting Web Passwords using Trusted Execution Environments | ** [https://dl.acm.org/citation.cfm?id=3186101 SafeKeeper: Protecting Web Passwords using Trusted Execution Environments] | ||
* Application of TC technologies | * Application of TC technologies | ||
** SCONE: Secure Linux Containers with Intel SGX (*) | ** SCONE: Secure Linux Containers with Intel SGX (*) | ||
Revision as of 23:09, 28 August 2024
You can only sign up for papers with an asterisk (*) at the end of their title.
- Introduction to the course and trusted computing
- Trust
- Application of TC technologies
- SCONE: Secure Linux Containers with Intel SGX (*)
- SGX-Tor: A Secure and Practical Tor Anonymity Network with SGX Enclaves (*)
- EnclaveDB: A Secure Database using SGX (*)
- SGX-Log: Securing System Logs with SGX (*)
- OS integrity: Nighthawk: Transparent System Introspection from Ring -3 (*)
- Hypervisor integrity: HyperCheck: A Hardware-Assisted Integrity Monitor (*)
- Data protection: Pesos: Policy Enhanced Secure Object Store (*)
- Making TC technologies more adoptable/usable
- Flicker: An Execution Infrastructure for TCB Minimization (*)
- Glamdring: Automatic Application Partitioning for Intel SGX (*)
- Occlum: Secure and Efficient Multitasking Inside a Single Enclave of Intel SGX (*)
- Civet: An Efficient Java Partitioning Framework for Hardware Enclaves (*)
- vTZ: Virtualizing ARM TrustZone (*)
- Towards Memory Safe Enclave Programming with Rust-SGX [Rust + SGX] (*)
- RusTEE: Developing Memory-Safe ARM TrustZone Applications [Rust + ARM] (*)
- SGXPy: Protecting integrity of Python applications with Intel SGX [Python + SGX] (*)
- Using ARM TrustZone to Build a Trusted Language Runtime for Mobile Applications [.NET + SGX] (*)
- Side-channel attacks
- Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
- Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution (*)
- Meltdown: Reading Kernel Memory from User Space (*)
- Spectre Attacks: Exploiting Speculative Execution (*)
- Latest: Downfall: Exploiting Speculative Data Gathering (*)
- Internal misbehavior: memory attacks
- SoK: Eternal War in Memory (*)
- Memory Errors: The Past, the Present, and the Future
- Defense: C-FLAT: Control-Flow Attestation for Embedded Systems Software (*)
- Defense: PTAuth: Temporal Memory Safety via Robust Points-to Authentication (*)
- Attacking the defense: PACMAN: Attacking ARM Pointer Authentication with Speculative Execution (*)
- Human authenticating machine
- Turtles All The Way Down: Research Challenges in User-Based Attestation
- Stark: Tamperproof Authentication to Resist Keylogging (*)
- Evil maid goes after PGP whole disk encryption
- PRISM/ Human-Verifiable Code Execution (*)
- State continuity
- Memoir: Practical state continuity for protected modules (*)
- ROTE: Rollback Protection for Trusted Execution (*)
- Ariadne: A Minimal Approach to State Continuity (*)
- Secure input/output
- SeCloak: ARM TrustZone-based Mobile Peripheral Control
- Building trusted path on untrusted device drivers for mobile devices (*)
- TruZ-Droid: Integrating TrustZone with Mobile Operating System (*)
- Establishing Trusted I/O Paths for SGX Client Systems with Aurora (*)
- VButton: Practical Attestation of User-driven Operations in Mobile Apps (*)
- ProtectIOn: Root-of-Trust for IO in Compromised Platforms (*)
- Fidelius: Protecting User Secrets from Compromised Browsers (*)
- Proposed hardware improvements
- Fine-grained isolation: IMIX: In-Process Memory Isolation EXtension (*)
- Memory safety: HAFIX: Hardware-Assisted Flow Integrity Extension (*)
- Integrity monitoring: Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode (*)
- Integrity monitoring: CPU Transparent Protection of OS Kernel and Hypervisor Integrity with Programmable DRAM (*)
- Proposals based on existing (non-security) hardware support
- PixelVault: Using GPUs for Securing Cryptographic Operations (*)
- Graviton: Trusted Execution Environments on GPUs (*)
- GRIFFIN: Guarding Control Flows Using Intel Processor Trace (*)
- T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs (*)